Participants in the JOSE working group have described use cases where a JSON top-level representation of digitally signed, HMAC’ed, or encrypted content is desirable. They have also described use cases where multiple digital signatures and/or HMACs need to applied to the same message and where the same plaintext needs to be encrypted to multiple recipients.
Responding to those use cases and working group input, I have created two new brief specifications:
- JSON Web Signature JSON Serialization (JWS-JS)
- JSON Web Encryption JSON Serialization (JWE-JS)
These use the same cryptographic operations as JWS and JWE, but serialize the results into a JSON objects, rather than a set of base64url encoded values separated by periods (as is done for JWS and JWE to produce compact, URL-safe representations).
These drafts are available at:
- http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-00
- http://tools.ietf.org/html/draft-jones-json-web-encryption-json-serialization-00
HTML-formatted versions are available at:
- https://self-issued.info/docs/draft-jones-json-web-signature-json-serialization-00.html
- https://self-issued.info/docs/draft-jones-json-web-encryption-json-serialization-00.html
Feedback welcome!
Leave a Reply
You must be logged in to post a comment.